by Bartweiss 2459 days ago
Someone upthread asked "why is NPM different from PyPI/pip in this?"

There are lots of practical answers - PyPI is open source, Python packages aren't so fragmented, and so on. But honestly, a huge part of the difference is that PyPI has sponsors like PyPI and AWS using its baseline implementation. NPM's private repository system means the public system just doesn't have that kind of pressure on it.

1 comments

I would be deeply surprised if AWS teams use public PyPI. Much more reasonable would be to mirror public packages they use internally.

What if a minor version change contains a relicensing of the library, for instance?

Good point. Presumably they're fixing versions; even companies on public registries should do that to avoid re-licensing issues, but it'd be an unreasonable legal & security risk.

I guess my broader thought was that PyPI is a more reliable free offering than NPM because it's not focused on a 'premium' version for the biggest users. But that's different than AWS - presumably they're sponsoring it in a broader "making development accessible is good for AWS" sense.

It's funny because, reflecting on this thread later, I got what you were getting at: the mere fact that NPM offers a private registry means that they are having to split focus on the two offerings. I completely agree in that sense!